Page 1 of 1

Quirks of Facebook (and google)

Posted: Tue Oct 30, 2012 10:31 pm
by sdfgeoff
Well, I like IRC, and use it quite a bit, so I've been creating custom pages to put it on.

In an online browser game I play, I made a page that will load chat down the bottom, and the game up the top. That works fine.
So how about facebook? Well, facebook doesn't load in a frame.
So I tried to load google so I could then find facebook. No such luck, google didn't work either.

I was now wondering if my code was wrong.
But I tried one more: duckduckgoo.com
That loaded fine, and from there I tried to access both facebook and google.
Facebook loaded, but overwrote the frameset.
Google didn't load at all.

How can a page even detect that it's in a frame?
Why would a page guard against it, I can't see it being a security risk.

If you are interested, the code I used:

Code: Select all

<head>
<title>sdfgeoff's chat bar</title>
<meta name='author' content='sdfgeoff'>
<meta name='date' content='30 October 2012'></meta>

<frameset rows="*,300">
  <frame src="http://duckduckgoo.com" name="PG">
  <frame src="http://widget00.mibbit.com/?settings=bdf88975c778a8d1535311aebda07265&server=irc.mibbit.net&channel=%23DEEP_Space&nick=Friend_23%3F%3F&noservernotices=true" name="Chat">
</frameset>
</head>
<body>
</body>

Re: Quirks of Facebook (and google)

Posted: Tue Oct 30, 2012 10:32 pm
by sdfgeoff
Oh, and the facebook html source code is an absolute nightmare. I think they deliberately made it impossible to read.
Google is the same

Re: Quirks of Facebook (and google)

Posted: Tue Oct 30, 2012 10:38 pm
by Isaac
By the powers invested in me, I call upon the titans to move thy thread into the proper section. Arise, Jeff! Arise!

edit: I'd stay away from frames and do some kind of ajax get function, but I'm a noob so I'll stfu

Re: Quirks of Facebook (and google)

Posted: Tue Oct 30, 2012 10:40 pm
by sdfgeoff
yeah, sorry, this is more Tech than Cafe

Re: Quirks of Facebook (and google)

Posted: Tue Oct 30, 2012 10:44 pm
by Isaac
Wha? Tech? That's hardware and closed source software you bought at Walmart.

Let me welcome you to the coders corner: http://descentbb.net/viewforum.php?f=7

Re: Quirks of Facebook (and google)

Posted: Wed Oct 31, 2012 1:11 am
by Jeff250
Look into the X-Frame-Options HTTP header.
Isaac wrote:Arise, Jeff!
As a mod, I can't move stuff *into* my forums, only out of...

Re: Quirks of Facebook (and google)

Posted: Wed Oct 31, 2012 3:14 am
by roid
i thought the ability to detect you were in a frame and/or force a page refresh was a Java thing, can facebook work without java? I'd try that out.

But with html5 in the mix too thesedays i guess everything gets more complex. So who knows if it's java now or what

Re: Quirks of Facebook (and google)

Posted: Thu Nov 01, 2012 3:45 pm
by Isaac
roid wrote:i thought the ability to detect you were in a frame and/or force a page refresh was a Java thing, can facebook work without java? I'd try that out.

But with html5 in the mix too thesedays i guess everything gets more complex. So who knows if it's java now or what
java!=javascript

Re: Quirks of Facebook (and google)

Posted: Thu Nov 01, 2012 4:24 pm
by Valin Halcyon
The reason is less honorable pages used to use frames to "hijack" a major page, like FB or Google and put ads around it. It was unethical, and a major legal issue. The ability to detect someone trying to do that was quickly added to the DOM, and rapidly adopted to prevent the problem.

Re: Quirks of Facebook (and google)

Posted: Sat Dec 01, 2012 9:33 pm
by Thenior
Valin is right, most browsers won't even let you load cross-domain ajax. Think about all the scams that could be done...

Re: Quirks of Facebook (and google)

Posted: Sun Dec 02, 2012 2:37 pm
by Jeff250
The question is about cross-domain frames, which are allowed, unless the framed response includes the X-Frame-Options HTTP header (which Google and Facebook *do* include), or, as Valin points out, you have javascript enabled and the framed page has some script to try to detect if it is framed.